On Wed, 9 Jul 2025 20:02:30 +0200 Morten Brørup <m...@smartsharesystems.com> wrote:
> Are there any access control mechanisms to govern what a secondary process > can do to a primary process? > > Let's say I'm running a primary process, and want to allow only authorized > secondary processes to attach to it. No unauthorized secondary processes > should be able to attach to it. > > I assume there is no fine grained control over which features various > secondary processes can access. > > > Med venlig hilsen / Kind regards, > -Morten Brørup > No DPDK does not have any access control mechanism itself. But it the wrong place to do it. What you want to protect is access to hugepages and device memory as well as the unix domain socket channel to the primary process. For the typical case where both run as root, there really isn't anything that can be done. But if you want security, the DPDK primary process should be running in a container with only certain privledges granted. And the container isolation would protect it.
